The subject matter disclosed herein relates to data loss prevention and, more particularly, to systems and methods for determining and using a data loss prevention model.
Insider data loss may occur when an employee exits a company with data and/or intellectual property from the company. For example, certain data loss events may involve data off-boarding. Data off-boarding occurs when data is transmitted, or moved, outside of the company by employees that are leaving the company, or are close to leaving the company. Certain data loss detection schemes view data off-boarding as an outlier detection problem, in which the outliers are the employees who attempt to off-board data. In certain data loss detection schemes, data off-boarding detection is performed manually by an operator looking at event records to detect undesirable events. There may be a large number of event records thereby making it difficult to analyze each of the event records. Furthermore, the analysis of each event record, or a combination of event records, may be complex and difficult to manually perform.